The RSA Conference is huge this year - they say 10,000
people, and I believe it. Quite a change from the 60-odd
attendees in 1991 (though most of us are still pretty odd!).

I'm a bit disappointed that nothing has really caught my
attention and excited me.
It's nice to hear Adi Shamir likes the Rijndael algorithm
used by the new NIST Advanced Encryption Standard (AES)
which will be the replacement for the ancient (and broken)
DES. But he did comment that the 10-14 rounds (depending
upon key size) proposed, while sufficient to stay any known
attacks, were probably insufficient to provide a solution
that could last twenty years...

Overall, though, my cynical "executive" summary of the
conference (and the field) is that while encryption
techniques are getting better and stronger, attack methods
and general user and developer/implementation errors seem to
be increasing at a greater rate.

Here's a snippet from a paper I'm writing on
Reputation Capital and Exchange Mechanisms.

A reputation exchange is similar to a currency exchange,
but trades in reputation capital instead of money. No one
can force you to start using a new currency but if all your
friends - and you - move to France, you'll want to start
using francs. The Reputation Management Framework provides a
plug-in architecture for Reputation Calculation Engines that
make this sort of "reputation-exchange" feasible. The rules
governing the "exchange rate" are set by the administrators
of the respective systems - poor exchange rates will
discourage newcomers while inflated exchange rates will
disgruntle the existing community. A particularly compelling
feature is that reputation exchanges - unlike their
currency-backed counterparts - are not zero-sum, in that the
process of converting a reputation does not destroy the old
one - it merely enables some reputation carry-through systems.

Pymmetry and Bram's "trust" code have gotten me (finally) to
spending a little time with Python. It's fun and easy
though I still have some of the steep part of the learning
curve to go up. Emacs integration seems good, but I can't
seem to find the key-binding to evaluate e.g. a test def in
the file I'm working on. I'm sure there's a way...

Working with existing trust frameworks has got me thinking
about how cool the OpenPrivacy
reputation management framework is. It's designed so that
trust metrics - such as Pymmetry or Slashdot's moderation -
can be plugged in and evaluated *themselves* on their
reputation. So a community that uses e.g. Pymmetry today
can easily switch, if and when a better trust metric (or a
newer version of Pymmetry ;-) comes along. All pre-existing
identities, certification, and reputations would remain
intact, perhaps translated (at owner discretion) to the new
system.

Think of it like a currency exchange, but with reputations.
No one can force you to start using a new currency but if
all your friends move to France, you'll want to start using
francs. The Reputation Management Framework provides a
plug-in architecture for Reputation Calculation Engines that
make this sort of "reputation-exchange" feasible. And since
reputation-exchanges are not zero-sum, you actually get to
keep your old reputation, too!
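A sketch of the exchange described above, added here as an illustration and not taken from the OpenPrivacy code: every class, method and engine name is hypothetical, and scaling scores linearly between engine ranges is an assumption. It shows an administrator-set rate, conversion only with the owner's consent, and the old reputation surviving the conversion.

```python
# Hypothetical sketch: none of these names come from the OpenPrivacy code base.
class Engine:
    """A pluggable reputation calculation engine with its own native score range."""
    def __init__(self, name, lo, hi):
        self.name, self.lo, self.hi = name, lo, hi

class ReputationExchange:
    def __init__(self):
        self.engines = {}   # engine name -> Engine
        self.rates = {}     # (src, dst) -> rate chosen by the administrators
        self.scores = {}    # (pseudonym, engine name) -> score

    def plug_in(self, engine):
        self.engines[engine.name] = engine

    def set_rate(self, src, dst, rate):
        if rate <= 0:
            raise ValueError("exchange rate must be positive")
        self.rates[(src, dst)] = rate

    def record(self, pseudonym, engine, score):
        e = self.engines[engine]
        if not e.lo <= score <= e.hi:
            raise ValueError(f"score outside the range of {engine}")
        self.scores[(pseudonym, engine)] = score

    def convert(self, pseudonym, src, dst, owner_consents=False):
        if not owner_consents:
            raise PermissionError("translation happens only at the owner's discretion")
        if (src, dst) not in self.rates:
            raise LookupError(f"no exchange rate published for {src} -> {dst}")
        s, d = self.engines[src], self.engines[dst]
        # Assumed model: normalise to 0..1, apply the rate, rescale, clamp.
        fraction = (self.scores[(pseudonym, src)] - s.lo) / (s.hi - s.lo)
        converted = d.lo + fraction * self.rates[(src, dst)] * (d.hi - d.lo)
        converted = max(d.lo, min(d.hi, converted))
        # Not zero-sum: the source score is left in place, only a new entry is added.
        self.scores[(pseudonym, dst)] = converted
        return converted

def demo():
    """Constructed sample data: one pseudonym moving between two made-up engines."""
    ex = ReputationExchange()
    ex.plug_in(Engine("old_metric", 0, 100))
    ex.plug_in(Engine("new_metric", 0, 10))
    ex.set_rate("old_metric", "new_metric", 0.5)
    ex.record("alice", "old_metric", 80)
    return ex, ex.convert("alice", "old_metric", "new_metric", owner_consents=True)

if __name__ == "__main__":
    exchange, new_score = demo()
    print(new_score, exchange.scores[("alice", "old_metric")])
```

An inflated rate cannot push a newcomer past the top of the destination range, because the converted score is clamped.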

We're putting the finishing touches on the documentation,
but the code is available now. We're also working on an
example system called Reptile (Reputation-enhanced portal
using Mozilla technology) - check it out!

Fought with Debian today. I had moved up to "unstable" on
my personal machine to get access to some new stuff. Guess
I've been lucky - and source control is getting better - as
I've had no problems. But I want to get it back to
"testing" level, which is anything but straightforward.

Trust is key to any anonymous network, indeed to any society.
Pseudonyms that over time prove to be trustworthy develop
reputations that smooth the process of finding the
people/entities that are most worth dealing with - within
any given domain.

Trust is not generally transitive, as I may trust an auto
mechanic with my car but perhaps not to invest my money.
Ultimately, we find that trust develops through prior
experience and knowledge, is spread by word-of-mouth, is
dynamic, and non-monotonic.

There's precious little useful research in the computer science
literature on trust and reputations, perhaps because there's
a need to understand some background in the social sciences
as to what it is and how it works. But I'm excited that more
effort is going in this direction. Here's a short
Bibliography that I have compiled. Suggestions are welcome!
